Thursday, February 5, 2009
Installing Standby Continuous Replication
- Install the PowerShell feature: ServerManagerCmd -i PowerShell
- Install Exchange with the required roles. If the SCR server will also act as a CAS, Hub Transport and DR mailbox server, just install those roles as usual.
- If installing two SCR servers that will be in a cluster, install the Failover Clustering feature on the SCR servers first (make sure you reboot afterwards).
- If using clustering, create the folder structure for the Exchange installation files (%:\Program Files\Microsoft\Exchange Server) and install the Exchange passive node to that location.
- Create the storage group folders in the same location as on the primary server.
- Create the log folders in the same location as on the primary server.
- Enable SCR for the storage group, e.g. Enable-StorageGroupCopy "SOURCE_SERVER\SG_NAME" -StandbyMachine SCR_SERVER -ReplayLagTime 0.0:0:0
- Seed the database if required. The database file will not be there on the SCR server until 50 log files are available; you can dismount the stores and copy the databases manually, or follow the Microsoft Exchange documentation on seeding an SCR target.
- To check the storage group copy status, run Get-StorageGroupCopyStatus from a CCR node.
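The enable, seed and verify steps above as one Exchange Management Shell script. This is an added example, not the original post's own commands; it assumes Exchange 2007 SP1, a CCR clustered mailbox server named CMS01 as the source, an SCR target named SCR01 and a storage group named SG_NAME (replace all three), and that it is run on the SCR target so that Update-StorageGroupCopy seeds locally.

```powershell
# Added example (not from the original post): enable SCR for one storage group,
# seed the target explicitly instead of waiting for the database to appear, and
# verify the copy. Exchange 2007 SP1 Management Shell, run on the SCR target.
# Assumed names: source CMS01, SCR target SCR01, storage group SG_NAME.
$Source   = 'CMS01'
$Target   = 'SCR01'
$Group    = 'SG_NAME'
$Identity = "$Source\$Group"            # backslash is literal in PowerShell strings

# 1. Enable SCR. -SeedingPostponed because we seed ourselves in step 2.
#    ReplayLagTime 0 = replay as soon as the built-in 50-log minimum allows;
#    TruncationLagTime 0 = let the source truncate logs once the target has replayed them.
Enable-StorageGroupCopy -Identity $Identity -StandbyMachine $Target `
    -ReplayLagTime 0.0:0:0 -TruncationLagTime 0.0:0:0 -SeedingPostponed

# 2. Seed the target. The copy must be suspended for Update-StorageGroupCopy
#    (harmless if it is already suspended); -DeleteExistingFiles clears any stale
#    .edb/.log files left in the target folders. The copy resumes when seeding finishes.
Suspend-StorageGroupCopy -Identity $Identity -StandbyMachine $Target -Confirm:$false
Update-StorageGroupCopy  -Identity $Identity -StandbyMachine $Target -DeleteExistingFiles

# 3. Verify. Without -StandbyMachine the cmdlet reports the CCR passive copy, not the
#    SCR target. A ReplayQueueLength around 50 is normal for an SCR target because of
#    the hard-coded 50-log replay delay; a growing CopyQueueLength is not.
$status = Get-StorageGroupCopyStatus -Identity $Identity -StandbyMachine $Target
$status | Format-List SummaryCopyStatus, CopyQueueLength, ReplayQueueLength, `
                      LastLogGenerated, LastLogCopied, LastLogReplayed

# 4. Fail loudly if the copy is not healthy or log copying has fallen behind.
if ($status.SummaryCopyStatus -ne 'Healthy' -or $status.CopyQueueLength -gt 10) {
    throw "SCR copy of $Identity on $Target is $($status.SummaryCopyStatus) " +
          "(copy queue $($status.CopyQueueLength), replay queue $($status.ReplayQueueLength))"
}
```

Run step 3 again after the first 50 logs have been generated on the source: only then should LastLogReplayed start moving on the target.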
Friday, December 19, 2008
Installing Exchange 2007 Prerequisites
Use the following in a batch file to install the prerequisites for Exchange 2007 on Windows Server 2008:
CAS SERVER & HUB TRANSPORT
ServerManagerCmd -i PowerShell
ServerManagerCmd -i RSAT-ADDS
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression
ServerManagerCmd -i RPC-over-HTTP-proxy
MAILBOX CCR
ServerManagerCmd -i RSAT-ADDS
ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Failover-Clustering
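A check to run after the reboot, before starting Exchange setup. This is an added example and not part of the original post; it assumes Windows Server 2008, an elevated PowerShell session, and that ServerManagerCmd -query prints each feature as "[X] Name [Feature-Id]" when installed and "[ ] Name [Feature-Id]" when not.

```powershell
# Added example (not from the original post): confirm that the features from the
# batch file above are actually installed, using ServerManagerCmd -query.
# Assumption: -query output lines look like "    [X] Web Server (IIS)  [Web-Server]".
# Needs an elevated prompt; ServerManagerCmd refuses to run otherwise.
$Roles = @{
    'CAS-HUB'     = @('PowerShell', 'RSAT-ADDS', 'Web-Server', 'Web-ISAPI-Ext', 'Web-Metabase',
                      'Web-Lgcy-Mgmt-Console', 'Web-Basic-Auth', 'Web-Digest-Auth',
                      'Web-Windows-Auth', 'Web-Dyn-Compression', 'RPC-over-HTTP-proxy')
    'Mailbox-CCR' = @('PowerShell', 'RSAT-ADDS', 'Web-Server', 'Web-ISAPI-Ext', 'Web-Metabase',
                      'Web-Lgcy-Mgmt-Console', 'Web-Basic-Auth', 'Web-Windows-Auth',
                      'Failover-Clustering')
}

function Get-InstalledFeatureIds {
    # Keep only lines marked [X]; the last bracketed token on the line is the feature ID.
    $installed = @()
    foreach ($line in (ServerManagerCmd -query)) {
        if ($line -match '^\s*\[X\].*\[([^\]]+)\]\s*$') { $installed += $matches[1] }
    }
    return ,$installed
}

function Test-ExchangePrerequisites {
    param([string]$Role)
    if (-not $Roles.ContainsKey($Role)) { throw "Unknown role '$Role'; use one of: $($Roles.Keys -join ', ')" }
    $have    = Get-InstalledFeatureIds
    $missing = @($Roles[$Role] | Where-Object { $have -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning "$Role is missing: $($missing -join ', ')"
        return $false
    }
    Write-Host "$Role prerequisites are present"
    return $true
}

# Usage: pick the role this server will hold.
Test-ExchangePrerequisites -Role 'Mailbox-CCR'
```

A missing feature here usually means one of the ServerManagerCmd -i calls asked for a reboot and the later calls in the batch file never ran; rerun the batch file and check again.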
Monday, May 12, 2008
How to manually undelete objects in a deleted object's container
If you ever do what I did... this article might save your job. I accidentally deleted four users in the domain... thought I was deleting them from a group. LOSER!!! Regardless... this will help you find the deleted users and re-enable them.
1. Click Start, click Run, and then type ldp.exe. If the Ldp utility is not installed, install the support tools from the Windows Server 2003 installation CD.
2. Use the Connection menu in Ldp to perform the connect operations and the bind operations to a Windows Server 2003 domain controller. Specify domain administrator credentials during the bind operation.
3. On the Options menu, click Controls.
4. In the Load Predefined list, click Return Deleted Objects. The 1.2.840.113556.1.4.417 control moves to the Active Controls window.
5. Under Control Type, click Server, and then click OK.
6. On the View menu, click Tree, type the distinguished name (DN) path of the Deleted Objects container in the domain where the deletion occurred, and then click OK. For example, if the deletion occurred in the contoso.com domain, the DN path would be: cn=Deleted Objects,dc=contoso,dc=com
7. In the left pane of the window, double-click the Deleted Objects container.
An LDAP search returns at most 1000 objects by default (the MaxPageSize LDAP policy). If more than 1000 objects exist in the Deleted Objects container, not all of them appear. If your target object does not appear, either raise MaxPageSize with ntdsutil (LDAP policies) or issue a paged search instead.
8. Double-click the object that you want to undelete or to reanimate.
9. Right-click the object that you want to reanimate, and then click Modify.
Change the value for the isDeleted attribute and the DN path in a single Lightweight Directory Access Protocol (LDAP) modify operation. To configure the Modify dialog, follow these steps:
a. In the Edit Entry Attribute box, type isDeleted. Leave the Value box blank.
b. Click the Delete option button, and then click Enter to add the first of two entries to the Entry List. Important: do not click Run yet.
c. In the Attribute box, type distinguishedName.
d. In the Values box, type the new DN path of the reanimated object.
For example, to reanimate the JohnDoe user account to the Mayberry OU, use the following DN path:
cn=JohnDoe,ou=Mayberry,dc=contoso,dc=com
Note If you want to reanimate a deleted object to its original container, append the value of the deleted object's lastKnownParent attribute to its CN value, and then paste the full DN path in the Values box.
e. In the Operation box, click REPLACE.
f. Click ENTER.
g. Click to select the Synchronous check box.
h. Click to select the Extended check box.
i. Click RUN.
10. After you reanimate the objects, click Controls on the Options menu, click the Check Out button to remove (1.2.840.113556.1.4.417) from the Active Controls box list.
11. Reset user account passwords, profiles, home directories and group memberships for the deleted users.
When the object was deleted, all attribute values were stripped except the few that a tombstone preserves, including objectSid, objectGUID, lastKnownParent and sAMAccountName.
12. Enable the reanimated account in Active Directory Users and Computers.
Note The reanimated object has the same primary SID as it had before the deletion, but the object must be added again to the same security groups to have the same level of access to resources. The first release of Windows Server 2003 does not preserve the sIDHistory attribute on reanimated user accounts, computer accounts, and security groups. Windows Server 2003 with Service Pack 1 does preserve the sIDHistory attribute on deleted objects.
13. Remove Microsoft Exchange attributes and reconnect the user to the Exchange mailbox.
The reanimation of deleted objects is supported when the deletion occurred on a Windows Server 2003 domain controller. It is not supported when the deletion occurred on a Windows 2000 domain controller that was subsequently upgraded to Windows Server 2003.
If the deletion occurs on a Windows 2000 domain controller in the domain, the lastKnownParent attribute is not populated on Windows Server 2003 domain controllers.
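The search and the two-attribute modify that steps 4 to 9 perform by hand in Ldp, done from PowerShell 2.0 with System.DirectoryServices.Protocols so it works against a Windows Server 2003 domain controller without the Active Directory module. This is an added example, not the Microsoft article's procedure or the post's own code; it assumes a writable DC named dc1.contoso.com, the domain DC=contoso,DC=com, a deleted user JohnDoe, .NET 3.5, and that the caller has rights to reanimate tombstones (Domain Admins by default). It also escapes the account name before putting it in the LDAP filter and uses the paged-results control, so the 1000-object ceiling described above never hides the target.

```powershell
# Added example (not from the original post or the Microsoft article): find a tombstone with
# the Show Deleted Objects control (1.2.840.113556.1.4.417) and reanimate it with one LDAP
# modify that deletes isDeleted and replaces distinguishedName, exactly as Ldp does in step 9.
# Assumptions: PowerShell 2.0 / .NET 3.5, DC dc1.contoso.com, domain DC=contoso,DC=com.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterLiteral {
    # RFC 4515 escaping, so a caller-supplied account name cannot alter the filter.
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        switch ($c) {
            '\'     { [void]$sb.Append('\5c') }
            '*'     { [void]$sb.Append('\2a') }
            '('     { [void]$sb.Append('\28') }
            ')'     { [void]$sb.Append('\29') }
            "`0"    { [void]$sb.Append('\00') }
            default { [void]$sb.Append($c) }
        }
    }
    return $sb.ToString()
}

function Connect-Ldap {
    param([string]$Server)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.Signing = $true   # tamper protection on the session
    $conn.SessionOptions.Sealing = $true   # encryption, so the modify is not readable on the wire
    $conn.Bind()                           # current Windows credentials (Negotiate/Kerberos)
    return $conn
}

function Find-DeletedObject {
    param($Connection, [string]$DomainDn, [string]$SamAccountName)
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest
    $req.DistinguishedName = "CN=Deleted Objects,$DomainDn"
    $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::OneLevel
    $req.Filter = "(&(isDeleted=TRUE)(sAMAccountName=$(ConvertTo-LdapFilterLiteral $SamAccountName)))"
    [void]$req.Attributes.AddRange(@('distinguishedName', 'lastKnownParent', 'objectSid', 'sAMAccountName'))
    # The deleted-objects control makes tombstones visible; paging (500 per page) replaces the
    # ntdsutil MaxPageSize workaround from the article.
    $page = New-Object System.DirectoryServices.Protocols.PageResultRequestControl(500)
    [void]$req.Controls.Add((New-Object System.DirectoryServices.Protocols.ShowDeletedControl))
    [void]$req.Controls.Add($page)
    $found = @()
    do {
        $resp   = $Connection.SendRequest($req)
        $found += @($resp.Entries)
        $more   = $false
        foreach ($c in $resp.Controls) {
            if ($c -is [System.DirectoryServices.Protocols.PageResultResponseControl] -and $c.Cookie.Length -gt 0) {
                $page.Cookie = $c.Cookie      # non-empty cookie: ask for the next page
                $more = $true
            }
        }
    } while ($more)
    return ,$found
}

function Restore-DeletedObject {
    param($Connection, $Entry, [string]$NewParentDn)
    # A tombstone DN looks like "CN=JohnDoe\0ADEL:<guid>,CN=Deleted Objects,...";
    # keep only "CN=JohnDoe" as the new RDN (equivalent to the article's step 9d note).
    $m = [regex]::Match($Entry.DistinguishedName, '^(CN=.+?)\\0ADEL:', 'IgnoreCase')
    if (-not $m.Success) { throw "$($Entry.DistinguishedName) is not a tombstone DN" }
    if (-not $NewParentDn) { $NewParentDn = [string]$Entry.Attributes['lastKnownParent'][0] }
    $newDn = "$($m.Groups[1].Value),$NewParentDn"

    $undelete = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $undelete.Name = 'isDeleted'
    $undelete.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete
    $move = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $move.Name = 'distinguishedName'
    $move.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
    [void]$move.Add($newDn)

    $req = New-Object System.DirectoryServices.Protocols.ModifyRequest
    $req.DistinguishedName = $Entry.DistinguishedName
    [void]$req.Modifications.Add($undelete)
    [void]$req.Modifications.Add($move)
    [void]$req.Controls.Add((New-Object System.DirectoryServices.Protocols.ShowDeletedControl))
    $resp = $Connection.SendRequest($req)
    if ($resp.ResultCode -ne [System.DirectoryServices.Protocols.ResultCode]::Success) {
        throw "Reanimation failed: $($resp.ResultCode) $($resp.ErrorMessage)"
    }
    return $newDn
}

# Usage: refuse to guess if the name has been deleted and recreated more than once.
$conn = Connect-Ldap -Server 'dc1.contoso.com'
$hits = @(Find-DeletedObject -Connection $conn -DomainDn 'DC=contoso,DC=com' -SamAccountName 'JohnDoe')
if ($hits.Count -ne 1) { throw "Expected exactly one tombstone for JohnDoe, found $($hits.Count); match on objectSid instead" }
Restore-DeletedObject -Connection $conn -Entry $hits[0]
```

The account comes back disabled and with only the preserved attributes, so steps 11 to 13 above (password reset, group memberships, enabling the account, reconnecting the mailbox) still apply after the script runs.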
Wednesday, September 20, 2006
Exchange loses its secure channel in the domain
Ok…for whatever reason you break your Exchange server's secure channel to the domain and you have exhausted all avenues to get it back (Netdom/NLTest). Your last resort might be to remove the Exchange server from the domain and rejoin it. Well…that just sounds like I want to shoot myself in the foot.
This happened to me and I thought Microsoft was nuts in recommending it. But after we tried everything…we figured that we had nothing to lose. The Exchange server could see the domain but no machines in the domain could connect to Exchange. When you tried to browse the Exchange server, you would get the message “The target account name is incorrect”.
So…here…we…go…
I made sure that all the stores were stopped, set all the Exchange services to disabled and, just for the fun of it, ran eseutil /mh against the databases. Lo and behold, they were all in a “Dirty Shutdown” state. Great!!
Anyway…we removed it from the domain, rebooted, logged in as the local administrator, rejoined the domain, rebooted and logged in with domain admin rights. (Took much less time to write than to actually do.)
Then we opened Services and started the SA. It's good!! Then the IS. It's good too. (Geez…this is awesome.) Then the MTA, Management and all the others. It's all good!! Well, I'll be a monkey's uncle. We tested to see if mail was flowing internally and externally and it's all good.
Another great save!!!!
Over and out from Bermuda…
How to check if a mail server is on a Blacklist
Have you ever had to check a mail server to see if it is on a blacklist? I like to use www.dnsstuff.com. It works well but reports against every blacklist available, and when the service is busy it can take up to a day to report back. That does you no good if you need an answer right now.
What if your anti-spam software lets you choose which specific blacklists to use? There is an easy way to check them one at a time. Here are the steps.
1. Get the Internet headers from the message that bounced back.
2. Locate the IP address of each mail server that the message passed through (the Received: lines).
3. Once you have the list of IP addresses, check whether any of them is listed by one or more of the DNS blacklists enabled in your configuration. Each blacklist is a DNS zone: reverse the octets of the address, append the zone name and look the name up. A record exists only if the address is listed. This can be checked with either of the following procedures.
Using ping: at the command prompt type ping (reversed IP).(blacklist zone)
Example: if the mail server address is 24.222.0.10 and you are checking it against the blacklist relays.ordb.org, the command would be:
ping 10.0.222.24.relays.ordb.org
Good result: "Ping request could not find host 10.0.222.24.relays.ordb.org. Please check the name and try again." indicates that the address is not in relays.ordb.org. You can go on to check it against the other DNS blacklists you have enabled, or check the other addresses found in the headers.
Bad result: "Pinging 10.0.222.24.relays.ordb.org [127.0.0.2] with 32 bytes of data" indicates that the address is found on the DNS blacklist being checked. You do not need a reply to the ping; you only need the host name (10.0.222.24.relays.ordb.org) to resolve to an address (127.0.0.2 in this case). DNS blacklists answer from the 127.0.0.0/8 range, and many encode the reason for the listing in the last octet; an answer outside 127.0.0.0/8 normally means the list is defunct or its domain has been parked, not that the address is listed.
Using nslookup: at the command prompt type nslookup (reversed IP).(blacklist zone)
Example: if the mail server address is 24.222.0.10 and you are checking it against the blacklist relays.ordb.org, the command would be:
nslookup 10.0.222.24.relays.ordb.org
Good result: "DNS Server can't find 10.0.222.24.relays.ordb.org: Non-existent domain" indicates that the address is not in relays.ordb.org. You can go on to check it against the other DNS blacklists you have enabled, or check the other addresses found in the headers.
Bad result would be as follows:
Non-authoritative answer:
Name: 10.0.222.24.relays.ordb.org
Address: 127.0.0.2
This indicates that the address is found on the relays.ordb.org blacklist.
Hope that helps your search…
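The ping/nslookup procedure above as a PowerShell 2.0 function that queries several blacklist zones for one address and classifies each answer. This is an added example, not the post's own code. It assumes lookups go through the host's normal resolver; it uses zen.spamhaus.org as a live example zone because relays.ordb.org, used in the examples above, was shut down at the end of 2006 (replace the zone list with the blacklists your anti-spam product actually uses); and it treats 127.255.255.x answers as Spamhaus error codes rather than listings, following Spamhaus's published return codes.

```powershell
# Added example (not from the original post): DNSBL lookups with the host's resolver.
# Assumptions: zen.spamhaus.org is a live example zone to be replaced with your own list;
# 127.255.255.x answers are Spamhaus error codes (e.g. .254 = query via a public resolver).
$DefaultZones = @('zen.spamhaus.org')

function ConvertTo-ReversedOctets {
    # 24.222.0.10 -> 10.0.222.24; anything that is not a plain IPv4 address is rejected.
    param([string]$IPv4)
    $addr = $null
    if (-not [System.Net.IPAddress]::TryParse($IPv4, [ref]$addr) -or
        $addr.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "'$IPv4' is not an IPv4 address"
    }
    $octets = $addr.GetAddressBytes()
    [array]::Reverse($octets)
    return ($octets -join '.')
}

function Resolve-DnsblName {
    # IPv4 answers for $Name, or an empty array when the name does not exist (NXDOMAIN).
    param([string]$Name)
    try {
        return @([System.Net.Dns]::GetHostAddresses($Name) |
                 Where-Object { $_.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork } |
                 ForEach-Object { $_.ToString() })
    } catch {
        $ex = $_.Exception
        if ($ex -is [System.Net.Sockets.SocketException] -or
            $ex.InnerException -is [System.Net.Sockets.SocketException]) { return @() }
        throw
    }
}

function Test-Dnsbl {
    param([string]$IPv4, [string[]]$Zones = $DefaultZones)
    $reversed = ConvertTo-ReversedOctets $IPv4
    foreach ($zone in $Zones) {
        $answers = @(Resolve-DnsblName "$reversed.$zone")
        if ($answers.Count -eq 0) {
            $status = 'NotListed'      # nslookup would say "Non-existent domain"
        } elseif (@($answers | Where-Object { $_ -notlike '127.*' }).Count -gt 0) {
            $status = 'ZoneSuspect'    # real DNSBLs answer only from 127.0.0.0/8: defunct or parked zone
        } elseif (@($answers | Where-Object { $_ -like '127.255.255.*' }).Count -gt 0) {
            $status = 'QueryError'     # Spamhaus error code, not a listing
        } else {
            $status = 'Listed'         # last octet carries the list's reason code
        }
        New-Object PSObject -Property @{ Address = $IPv4; Zone = $zone; Status = $status; Answers = ($answers -join ' ') }
    }
}

function Test-DnsblZone {
    # RFC 5782 section 5: a working DNSBL lists 127.0.0.2 and never lists 127.0.0.1.
    param([string]$Zone)
    $pos = Test-Dnsbl -IPv4 '127.0.0.2' -Zones $Zone
    $neg = Test-Dnsbl -IPv4 '127.0.0.1' -Zones $Zone
    return ($pos.Status -eq 'Listed' -and $neg.Status -eq 'NotListed')
}

# Usage: prove each zone still behaves like a DNSBL, then check the relay from the bounce.
foreach ($z in $DefaultZones) {
    if (-not (Test-DnsblZone $z)) { Write-Warning "$z does not answer like a live DNSBL; do not trust its results" }
}
Test-Dnsbl -IPv4 '24.222.0.10' | Format-Table Zone, Status, Answers -AutoSize
```

The zone self-test is the check worth keeping: a blacklist that no longer lists 127.0.0.2, or that answers for 127.0.0.1, is either dead or has been taken over, and a filter still configured to use it will either miss everything or reject all mail.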
Wednesday, August 23, 2006
Configuring Exchange Active Sync
Ok…so I have now configured EAS a few times, and each time the same error came up. It has to do with EAS running on the same server as the Exchange mailboxes; in a front-end/back-end configuration this would not happen. The issue is the Exchange virtual directory in IIS on the OWA web site. When you install an SSL certificate and require SSL on the web site, the requirement is set on the Exchange directory too, but OMA and EAS talk to that directory over plain HTTP on the local server and fail when SSL is required on it (the same happens if forms-based authentication is enabled there). The Microsoft article below explains how to create a second virtual directory in IIS just for OMA and EAS, without the SSL requirement, and the registry change that points EAS at it. Because that directory is unencrypted, the article also has you restrict it to the server's own IP address so it cannot be reached from other hosts.
http://support.microsoft.com/kb/817379/
Tuesday, August 1, 2006